Lucene search
K

202 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6537

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.0115EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-25225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using...

6.1CVSS5.8AI score0.00251EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2014-125128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href...

6.1CVSS6AI score0.00256EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/10 10:29 a.m.3 views

CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

6.1CVSS6.5AI score0.00256EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/09/08 12:30 p.m.11 views

08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +3093 more potentially affected by CVE-2019-25225 via sanitize-html (>=0.1.4 <=1.7.0)

sanitize-html NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =0.1.0, =0.1.0, =11.1.0, =1.0.0, =1.0.1, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.4 and more Source cves: CVE-2019-25225 Source advisory: OSV:GHSA-QHXP-V273-G94H...

6.1CVSS5.7AI score0.00251EPSS
Exploits1
OSV
OSV
added 2025/09/08 12:30 p.m.5 views

GHSA-QHXP-V273-G94H sanitize-html is vulnerable to XSS through incomprehensive sanitization

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS6.6AI score0.00251EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/09/08 12:30 p.m.10 views

sanitize-html is vulnerable to XSS through incomprehensive sanitization

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS6.6AI score0.00251EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/09/08 11:15 a.m.3 views

UBUNTU-CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

6.1CVSS5.8AI score0.00256EPSS
Exploits1References8
Snyk
Snyk
added 2025/09/08 10:43 a.m.4 views

Cross-site Scripting (XSS)

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Cross-site Scripting XSS via the naughtyHref function. An attacker can execute...

6.1CVSS5.6AI score0.00256EPSS
Exploits1References2
NVD
NVD
added 2025/09/08 10:15 a.m.6 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS0.00251EPSS
Exploits1References4
OSV
OSV
added 2025/09/08 10:15 a.m.7 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS6.6AI score0.00251EPSS
Exploits1References4
OSV
OSV
added 2025/09/08 10:15 a.m.6 views

UBUNTU-CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS5.8AI score0.00251EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2025/09/08 10:9 a.m.5 views

CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

6.1CVSS5.2AI score0.00256EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/09/08 10:9 a.m.2 views

CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

6.1CVSS6.1AI score0.00256EPSS
Exploits1References4
CVE
CVE
added 2025/09/08 10:9 a.m.22 views

CVE-2014-125128

CVE-2014-125128 affects the sanitize-html library prior to 1.0.3. The root cause is the naughtyHref function not properly validating the href attribute in tags, allowing bypasses that rely on different casings, whitespace, or hexadecimal encodings. This leads to cross-site scripting (XSS) impact...

6.1CVSS6.1AI score0.00256EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/09/08 10:2 a.m.9 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS0.00251EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/09/08 10:2 a.m.5 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS5.2AI score0.00251EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/09/08 10:2 a.m.6 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS6AI score0.00251EPSS
Exploits1References4
CVE
CVE
added 2025/09/08 10:2 a.m.30 views

CVE-2019-25225

The CVE-2019-25225 entry has concrete details in connected documents: sanitize-html (pre-2.0.0-beta) is vulnerable to XSS when using the custom transformTags option. The vulnerability originates in sanitizeHtml() in index.js, which does not sanitize content under transformTags, allowing transform...

6.1CVSS6.1AI score0.00251EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.3 views

Apostrophe sanitize-html 安全漏洞

Apostrophe sanitize-html is a library from Apostrophe USA. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in Apostrophe sanitize-html versions prior to 1.0.3 that stems from the naughtyHref function...

6.1CVSS5.8AI score0.00256EPSS
Exploits1References5
Rows per page
Query Builder